Uploaded image for project: 'Libcloud'
  1. Libcloud
  2. LIBCLOUD-55

this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Won't Fix
    • 0.4.0
    • None
    • Core
    • None

    Description

      this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.
      urllib / urllib2, httplib.SHTTPConnection do not verify ssl at all by default.
      from base.py
      class ConnectionKey(object):
      """ A Base Connection class to derive from.
      """ conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)

      .... def connect(self, host=None, port=None):
      ..... connection = self.conn_classesself.secure

      this request can be MITMed leading to the compromise of a users API key - where a secured https connection was requested, but can be MITM'ed.

      Attachments

        Activity

          People

            jsmith Jed Smith
            d1b dave b ^^
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: